From the Google documentation, there is an example that references a variable named $scopes:
$scopes = array('https://www.googleapis.com/auth/sqlservice.admin');
This is for sqlservice. I want to use a different scope. How do I choose the right scope? And how do I know it's the right service for what I want? Is there a list of scopes somewhere that match up to which URL's to use?
That line of code returns an array, even though there is no sqlservice.admin file in the auth folder.
I need to use the drive service.
I'm assuming that I should change that line to:
$scopes = array('https://www.googleapis.com/src/drive.php');
But how that integrates into the bigger picture, I don't understand. Do I also need to call OAuth2.php at some point?
I just realized that the array is pointing towards a https://www.googleapis.com/src/ web address and not a file. And I was looking at the OAuth 2.0 Playground, and there is a list of all the scopes.
And I just noticed that if I hover over an item in the list, a help context balloon appears.
So, I guess I can get a list of scopes and descriptions of the scopes from there, although I'd still like to know if there is an official list somewhere other than on the OAuth2 playground.
Each scope is a URN. They also seem to be URL's, but I don't think that's significant. For your app, it's just a string (or list/array of strings - you can specify more than one) that you need to spell correctly. Each Google service supports a range of scopes, each of which grants different permissions. Generally, somewhere within the documentation pages for each service, you'll find a single page that defines the available scopes. In the case of the Drive service, the scopes are defined at https://developers.google.com/drive/web/scopes
Related
I wrote a code in Google Appscript to index all files in GDrive and try to identify if those files are labelled or not.
For summary, the Labels feature only available in GWorkspace business account and only the admin of the entreprise who have edit access of this feature.
I tried to use seacrhFiles(param) however the "Labels" isn't recognized by q string query Google, do we have another method to do it ?
Thank you,
Features that are part of workspace business accounts. Are not part of the public Google drive api.
You can tell by looking at the file resource object. It does not contain a field called label.
Your not going to find a method in the google drive api that will return a label on a file.
Even a Google Document resource object doesn't have it.
There may be a restricted api just for workspace users you would have to ask. But its not something i have heard of.
There will be a labels API that will allow you to to create, edit, apply, and remove labels programmatically
As of now, this API is still in development (beta stage), but you can get access to it if you contact drive-labels-feedback#google.com.
References:
https://support.google.com/a/answer/9292382?hl=en&fl=1#zippy=%2Cis-it-possible-to-apply-labels-through-an-api
https://issuetracker.google.com/167701931
Our server is customer deployed and uses a Google Drive API key to obtain a tutorial file
listing via
https://www.googleapis.com/drive/v3/files?q=%27FILE_ID%27+in+parents+and+trashed=false&maxResults=1000&key=API_KEY&fields=files(name,webViewLink,id,kind,mimeType)
and file contents via
https://www.googleapis.com/drive/v3/files/FILE_ID/export&key=API_KEY
It is unclear how we can set that API key to be read only though.
I do not see anything on these pages for example,
https://developers.google.com/drive/api/guides/about-auth
https://cloud.google.com/docs/authentication/api-keys
The restrictions you can set to an API key can be found here, so it is not possible to do it this way. Now, the way to achieve what you are trying to do would be by setting up the project with the correct OAuth scopes and using read only scopes, but that can limit your implementation as sometimes the API needs more scopes.
For example, if you were trying to list users using the Directory API, you can see the list of scopes needed here. If you check the list you will see that there is a read only scope listed there.
So, in your project you could just use this specific scope for your implementation, but again some actions require more than just this scope to work, so you could be limited by that as well depending on what your implementation is doing.
Same example for the Drive API in your case. The list of scopes for the Files: list method are here, and you also have read only scopes as you can see in the image below.
So, I've gotten to the point in my app where I can retrieve a list of spreadsheet documents from a user's Google Drive account by using the Google Spreadsheet API. I populate the file list in a ui control that users can click on to then retrieve the list of its worksheets. It's working as expected in some cases, but in others it is not. In my request, I use the url that comes back from the file list, and even so, the API responds with:
Sorry, the file you have requested does not exist.
Make sure that you have the correct URL and that the owner of the file hasn't deleted it.
Well, surely the file wasn't deleted. I got it back in the response to my request for the files list. I also can get to the file via a normal web browser. Also, the URL is correct because that's the one the API responded with. My code does not manipulate the url that comes back in that initial files response. In fact, here is the URL that is used to grab the worksheets:
https://spreadsheets.google.com/feeds/worksheets/{long key here}/private/full
So, my question is why does my request for some worksheets come back with a response with the actual list of worksheets, but on others (which I have access to, and I know exists) I get the faulty response.
Thanks,
Arie
My app is using OAuth 2.0 and I ran into the same error with new Google Sheets. What fixed that was making a change in scope param sent during OAuth's authorize call and then reauthorising (reinitiating OAuth flow and obtaining new tokens).
Until now scope in my app was just:
https://spreadsheets.google.com/feeds
Updated scope and solution to the issue in my case:
https://spreadsheets.google.com/feeds https://docs.google.com/feeds
I'm running into this in my own stuff. At least for what I'm running into, it seems to be an issue with New Sheets. I'm sorry to not have more of a solution (I'm still trying to find out what to fix on my end) but this may help you narrow down the issue.
Our application uses the drive.file scope to make sure we only can see files of our users that have been created by our application.
However, a 'list' call returns files that have been shared with the user even though they are not created by our application.
That can be easily verified in the "Try it!" section of files/list API documentation.
Authorize with drive.file scope and run a simple list query without any parameters. That should return an empty list but in my case returns dozens of files that have been shared with me.
There was the same issue before (a slight variation only affecting queries with q parameter set): Listing files with search query returns out-of-scope results (drive.files.list call, using drive.files scope)
It has been fixed in the meantime but now it seems to be back for all list queries. It's problematic not mainly because it breaks our app that expects nothing but its own files. There is the privacy problem because I can suddenly see the file names of our users' private data, which they have never agreed to.
I believe this issue is due to the behavior of API Explorer, not Drive API itself. If API Explorer already has a token with OAuth scopes capable of making the call, it will use that so if previously given API Explorer a scope that can see all user files, you'll get them all back. Try revoking ALL Explorer tokens for your account at:
https://accounts.google.com/b/0/IssuedAuthSubTokens?hl=en
then, after clearing all cookies/sessions for developers.google.com, try creating a new token with ony the drive.file scope and attempt your API call again.
You should also note that files that are publicly shared will be returned.
My Google Drive app requests the following scopes when exchanging a code for an access token:
https://www.googleapis.com/auth/drive.file
https://www.googleapis.com/auth/userinfo.email
https://www.googleapis.com/auth/userinfo.profile
https://www.googleapis.com/auth/drive.install
In particular, this is the query string of the URL that is eventually being requested from Google during the exchange:
code=XXXXXXXXXX&grant_type=authorization_code&redirect_uri=XXXXXXXXXXX& scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive.file+ https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email +https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile +https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive.install &client_id=XXXXXX.apps.googleusercontent.com&client_secret=XXXXXX
The response is a 400 error, with the error message "invalid_scope". What am I doing wrong?
[Edit] Additional information:
The error only happens when the user clicks through from Google Drive to create a new document. If I initiate the authentication/authorization flow from my own app, the list of scopes is accepted just fine. If the user clicks through the actual Drive app to create a new document, I get invalid_scopes.
The invalid scope is drive.install. If I remove that from the list of requested scopes when the user shows up to create a new document, things start working again. Does that make any sense at all? If the user has the Drive app installed already via us requesting that scope, why would requesting that same scope when the user shows up from the Drive app cause a problem of any kind?
I experienced a similar problem. The solution was to pass an array of scopes to the google client:
google_client.authorization.scope=[
'https://www.googleapis.com/auth/calendar.readonly',
'https://www.googleapis.com/auth/drive.appdata']
rather than a concatenated string of scopes
google_client.authorization.scope="https://www.googleapis.com/auth/calendar.readonly%2Bhttps://www.googleapis.com/auth/drive.appdata"
The GET request in the Rails log looked identical, but the result was very different!
There is a chance that You might be using tab instead of space between two auth like
https://www.googleapis.com/auth/calendar.readonly https://www.googleapis.com/auth/drive.appdata
putted on new line to show tabs
always use one white space between these two links to authorization.
this had happened with me.
The new google api (at the moment of this answer is posted) requires scope attribute to be one string and scopes separated with white space. So like this
var SCOPES = "https://www.googleapis.com/auth/drive https://www.googleapis.com/auth/gmail.send";
gapi.auth2.init({
client_id:CLIENT_ID,
scope: SCOPES
}).then (...)
You could try not escaping the + symbols. That worked for us.